Overview

overview

10

Static

static

SecuriteIn...19.exe

windows7-x64

10

SecuriteIn...19.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 05:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe

  • Size

    698KB

  • MD5

    384c1108356687200fa75e23c9880279

  • SHA1

    6b9eb66cedd25665627c095b40d41913447ca60b

  • SHA256

    7c470477c32979be016bffc98f861acc089861a6a2ba015aed73d769774370bf

  • SHA512

    954821f87770e3013f3c1e35cbd33772c806dc255be206c300314bf659cb41232e82303dfee325165891263796c82ce28eb172e27b405ee77f68412cd1225446

  • SSDEEP

    12288:SJRgh/PsZ1DX/VDJtmZo6+qLCON4WI1GtpRZF/R1Y3U7t7E:sRgh/Pomxzmc4XAFc7

Score
10/10
formbookm5oeratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

m5oe

Decoy

HdR8hG6r12hBYuHY4zv6YeeFPQ==

tD1V9gswYvgQXEGd

1xKtJ1LdqRYMRMC84U1A

MbhjiWb7Lz8z7KIWl3UyUIJwA6Tb

joVB5Xggy2RtE+odsZg=

TrduAIay6Y3SvoIK20xI

pSna7LOsXXwXT/zz3Iow4g==

QnthmO4Qst5gC3sDoA==

eAirzOOgO7SOCenz3Iow4g==

xg0uSbfLTg==

YWQXwyGRzPEHzGrDFE8CBSE=

ujLnfuXoH9dbgHIK20xI

291v0XsGFrYQXEGd

MRvTd/qMuaHpjCM=

X131fLC6VWX4MsvCb2IPjIfq8wlksWfg

Y9Bur8DbgqFt/Yni86MMCCE=

q6RTBmJkmy5pWTmmCCrvmuCDPw==

mQS26DojT+EQXEGd

sjHQ+Kav2Wx9FeodsZg=

JA24UKnTA5re1LhcQaVo/w==

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1316-64-0x00000000004012B0-mapping.dmp
    Download
  • memory/1316-60-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1316-61-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1316-63-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1316-66-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1316-67-0x0000000000401000-0x000000000042F000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1316-68-0x00000000009A0000-0x0000000000CA3000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1748-55-0x0000000076091000-0x0000000076093000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1748-56-0x0000000001E50000-0x0000000001E68000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1748-57-0x00000000005A0000-0x00000000005AC000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1748-58-0x0000000004F60000-0x0000000004FD0000-memory.dmp
    Filesize

    448KB

    Download
  • memory/1748-59-0x0000000004E10000-0x0000000004E44000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1748-54-0x00000000001F0000-0x00000000002A4000-memory.dmp
    Filesize

    720KB

    Download